MidnightBSD

Advisories for kyberdigi_labs

CVE-2004-2692 HIGH

The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-16,CWE-264,

Products Affected

Vendor Product Version
kyberdigi_labs php-exec-dir 4.3.7
kyberdigi_labs php-exec-dir 4.3.6
kyberdigi_labs php-exec-dir 4.3.3
kyberdigi_labs php-exec-dir 4.3.5
kyberdigi_labs php-exec-dir 4.3.4
kyberdigi_labs php-exec-dir 4.3.2